Steve Wood writes about the value and
risks of anonymization on the Information Commissioner’s Office
blog. He writes, in part:

Whilst the ICO
supports the use of anonymisation techniques organisations must not
be complacent. It may be simple to aggregate and anonymise some
datasets but it is often not as easy as one might expect. For
example while a piece of information may appear to be anonymised when
looked at in isolation, this may not necessarily be the case when you
look at this information in context with the other information
already available in the public arena. With ever increasing amounts
of data in the public domain this can be challenging. This
is why it is so important that anonymisation is carried out
correctly.

There have been
some high profile examples of anonymised datasets being “broken”
in the US. We believe these were examples of poor and complacent
anonymisation. It is simply unrealistic, as some commentators have
called for, to stop using anonymisation techniques because of the
risks. It is a call to ensure anonymisation techniques are more
effective and that organisations deploy the right expertise. The
demands for open data, big data and information sharing in our
information society will not disappear – there are often strong
arguments in their favour. What we must do is address the privacy
risks with the best privacy enhancing techniques available and make
judgments on a case by case basis whether data can be disclosed
publicly.

The ICO also
stands by to take swift enforcement action against those who
negligently or complacently place individuals’ privacy at risk
through poor standards of anonymisation.

As I read this, any site that responded
to your browser in a way not entirely consistent with its Privacy
Policy would be vulnerable to a charge of “misleading users and
rendering privacy protection tools ineffective.” I say, “Let the
Class Actions begin!”

Amazon has settled a lawsuit alleging
that it circumvented the privacy settings of Internet Explorer users,
according to court papers filed on Thursday. Details of the
settlement, including any financial terms, have not been made public.

… Since 2001, Internet Explorer has
allowed users to automatically reject certain cookies, including
tracking cookies, but this feature only works when Web site operators
provide accurate data about their privacy policies. (That feature is
different from the new do-not-track setting
in IE10).

But a Carnegie Mellon University study
that came out before the lawsuit detailed how Web companies thwart
privacy settings by providing incorrect data to Microsoft's Internet
Explorer. That report stated that many operators "are
misrepresenting their privacy practices, thus misleading users and
rendering privacy protection tools ineffective." Amazon
allegedly was among those operators. Rather than using a readable
code, Amazon's compact policy was "gibberish," the lawsuit
alleged.

… The case was filed as a
class-action, but Amazon settled the lawsuit before it was certified
as a class-action.

"Judge Susan Illston has said
she will approve
a $22.5 million settlement deal between Google and the FTC over
the company's practice of circumventing
privacy protections in Apple's Safari browser to
place tracking cookies on users' computers. Judge Illston also
expressed concern about what will happen to the tracking data Google
collected, since the settlement doesn't call
for Google to destroy the data."

Ubiquitous Surveillance may require us
to surveil ourselves. Be ready.

Surveillance companies will charge you
a fortune if you want to get any type of surveillance system
installed. Even a minor surveillance system will end up costing you
a lot since not only do you want a straightforward video monitoring
tool but you also want a way to store video archives. With a regular
surveillance solution, you need to employ an extra hard drive for the
video archiving task.

But there is a tool with which you can
not only set up video surveillance using a camera and existing
computers, but you can also extend the surveillance to iOS and
Android smartphones. This tool is called Ivideon.

The Russian Federation is calling on
the United Nations to take over key aspects of Internet governance,
including addressing and naming, according to documents leaked on
Friday from an upcoming treaty conference.

The Russians made their proposal on
November 13 in the lead-up to December's World
Conference on International Communications in Dubai. The
conference will consider revisions to the International
Telecommunications Regulations (ITRs), a treaty overseen by the UN's
International Telecommunications Union (ITU). The treaty has not been
revised since 1988, before the emergence of the commercial Internet.

… The treaty
negotiations and its documents are secret, though many
have been exposed through the Web site WCITLeaks,
run by two researchers at George Mason University.

"The [proposed] additions to the
ITRs...are aimed at formulating an approach that views the Internet
as a global physical telecommunications infrastructure, and also as a
part of the national telecommunications infrastructure of each Member
State," the Russian proposal says.

… Currently, the ITRs cover only
international telecommunications services (PDF).
But the Russians propose adding a new section to the treaty to deal
explicitly with "IP-based networks." Bringing the Internet
into the treaty in any capacity would represent a major expansion of
the scope of the ITU's authority.

The leaked proposal would strongly
endorse national control over those parts of the Internet that reside
within a country's borders, including ISPs, traffic, and engineering.
One suggested change to the treaty, for example, declares that
"Member States shall have the sovereign right to manage the
Internet within their national territory, as well as to manage
national Internet domain names."

What if Kim Dotcom is right? What if
the only reason he was busted is that the RIAA wanted to make him an
example? Or is this just aggressive lawyering?

A federal judge has partially unsealed
the warrant he issued that allowed MegaUpload's domain names to be
seized.

… The search warrant offers very
little new information about what kind of evidence the U.S.
government possesses to support its case. But Ira Rothken, the
Silicon Valley attorney who oversees MegaUpload's worldwide defense,
says the document shows that U.S. officials misled
the judge when applying for the warrant...

In asking for the search warrant,
prosecutors said in June 2010 they warned MegaUpload via a criminal
search warrant that the company's servers housed more than 30 pirated
video files and managers had not removed them even as late as
November 2011. But Rothken said, the government omitted an important
part of the story.

"In our view that's a misleading
statement," Rothken said. "MegaUpload was served with a
criminal search warrant for alleged third-party user conduct and was
advised not to interfere with that criminal investigation or with the
files -- as such disclosure, would jeopardize the ongoing
investigation. To ask MegaUpload to cooperate and then use that
cooperation against them, to us seems to be both unfair and
misleading."

U.S. District Judge Liam O'Grady
unsealed the documents at the request of Kyle Goodwin, a MegaUpload
user who said he wants his personal videotapes of high school
football games returned.

For my Students: Something to do before
the e-Dog eats your homework...

eBook popularity has been skyrocketing
in the past few years and it doesn’t look like it will slow down
anytime soon. First the Kindle, then the Nook, then smartphone apps
like Aldiko
and Mantano – there
are so many ways to read eBooks now. If your eBook format of choice
is .EPUB, then here’s some good news – you can read them straight
from your browser now.

EPubReader
is a Firefox addon that loads .EPUB files and presents them for
viewing. It may not look like the prettiest addon out there, but it
sure makes the whole reading experience easy and enjoyable.

… The
BBC reports that students in Denmark will be
able to access the Internet when they sit their final school exams.
They’ll be able to access any website they want, but just not
communicate with others. [Contrast this with some of
my fellow adjuncts who refuse to allow students the use of
WolframAlpha. Bob]

… The digital music education
platform Chromatik
officially launched this week with an iPad and a Web-based
application that stores digital sheet music, as well as helps you
learn, practice, share, collaborate, and record music — with
friends, band-mates and teachers alike. The app has been in private
beta up ’til now, but with some fairly high profile early testers,
including American Idol.

… The Gates Foundation
is giving $1.4
million to the research group Ithaka S+R to study the impact of
MOOCs at public universities in Maryland. (The same
research group published a study
earlier this year about students’ learning statistics from
automated software — so I bet this research will prove to be a big win
for robo-teachers.)

Friday, November 16, 2012

"After losing another laptop
containing personal information, NASA wants to have all of its
laptops encrypted
within a month's time with an intermediate ban on laptops
containing sensitive information leaving its facilities. Between
April 2009 and April 2011 it lost or had stolen 48 'mobile computing
devices.' I wonder how long it will be before
other large organizations start following suit as a sensible
precaution?" [Me too Bob]

But surely a computerized fire alarm
can give instructions for exiting a crowded theater? “Fire! Run!
You're all gonna die!”

"When is software, or content
generated by software, 'speech'
for First Amendment purposes? That is the question that Andrew
Tutt seeks to answer in an article published today in the Stanford
Law Review Online. He argues that the two approaches commentators
and the Supreme Court have proposed are both incorrect. Software
or software-generated content is not always speech simply because it
conveys information. Nor is software only speech when it resembles
traditional art forms. Instead, the courts should
turn to the original purposes of the First Amendment to develop a new
approach that answers this question more effectively."

So when TSA said, “We are certain...”
what they really meant was, “Someone told us this is so and we
trust them so much we don't need to check (not that we have anyone on
staff that actually knows anything about this techy-knowlegdey
thingie).”

"The Robotics
Institute at CMU has been developing systems to learn from
humans. Using a Machine Learning class of techniques called
Imitation
Learning our group has developed AI software for a small
commercially available off-the-shelf ARdrone
to autonomously fly through the dense trees for over 3.4 km in
experimental runs.
We are also developing methods to do longer range planning with such
purely vision-guided UAVs. Such technology has a lot of potential
impact for surveillance, search and rescue and allowing UAVs to
safely share airspace with manned airspace."

Perhaps a helpful background guide to
my “Etiquette of e-Communication”

"Social media presents
particular implications for managing employment relations within
organizations. The use and abuse of social media can touch on all
aspects of the employment relationship: from employers digging
social media data as a recruitment tool, to the control of
employees’ social media use, to monitoring and the private vs.
public debate, to questions over the ownership of data, to
disciplinary and termination issues and what an employer can
lawfully do when it believes an employee has overstepped the social
media mark, to post-termination competition issues. These are all
issues that we are talking about with our clients on an increasingly
frequent basis. So we thought that the time was ripe to address
these questions within this publication. We are delighted to
present a country by country guide to social media
in the workplace with contributions from 17 of our
offices across Asia Pacific, Europe, Latin America and North
America. Each office has addressed the same set of questions
covering employment issues from recruitment through to termination,
through to post-termination competition, through to the use of
social media in legal proceedings."

As Congress considers the “If it can
happen to Petraeus it can happen to me” bill...

"This report provides an
overview of federal law governing wiretapping and electronic
eavesdropping under the Electronic Communications Privacy Act
(ECPA). It also appends citations to state law
in the area and the text of ECPA. It is a federal crime to wiretap
or to use a machine to capture the communications of others without
court approval, unless one of the parties has given his prior
consent. It is likewise a federal crime to use or disclose any
information acquired by illegal wiretapping or electronic
eavesdropping. Violations can result in imprisonment for not more
than five years; fines up to $250,000 (up to $500,000 for
organizations); civil liability for damages, attorneys’ fees and
possibly punitive damages; disciplinary action against any attorneys
involved; and suppression of any derivative evidence. Congress has
created separate, but comparable, protective schemes for electronic
communications (e.g., email) and against the surreptitious use of
telephone call monitoring practices such as pen registers and trap
and trace devices. Each of these protective schemes comes with a
procedural mechanism to afford limited law enforcement access to
private communications and communications records under conditions
consistent with the dictates of the Fourth Amendment. The
government has been given narrowly confined authority to engage in
electronic surveillance, conduct physical searches, and install and
use pen registers and trap and trace devices for law enforcement
purposes under ECPA and for purposes of foreign intelligence
gathering under the Foreign Intelligence Surveillance Act."

"Gartner's released a report on
worldwide numbers of 2012
3Q phone sales and the staggering results posted from Android
have caused
people like IW's Eric Zeman to call for sanity. Keep in mind
these are worldwide numbers, which might be less surprising when you
realize that the biggest growth market of them all is China, which is
more
than 90% Android. It's time to face the facts and realize
that Android now owns 73% of the worldwide smartphone market.
While developers bicker over which platform is best for development
and earnings, the people of the world may be making the choice based
on just how inexpensive an Android smartphone can be. This same time
last year, Gartner reported Android at 52.5% of market share and it
now sits at 72.4% market share with over 122 million units sold
worldwide."

People who want to take Office 2013 for
a spin can download a 60-day evaluation edition.

The version available is the full
Microsoft Office
Professional Plus 2013 suite, which includes Word, PowerPoint, Excel,
Outlook, OneNote, Access, Publisher, and Lync. The software contains
all the features in the paid edition, so you won't miss out on
anything.

Four years after launching its first
graduate program with USC, 2U today has announced its foray into
undergraduate education through a new program called Semester
Online. The company will be powering a virtual classroom
environment and interactive platform for a consortium of 10 top
universities, including some it’s already been working with (Duke
and UNC) — along with newcomers like Northwestern, Emory and
Brandeis — to name a few.

Beginning in the fall of 2013, the
program will be open to any student enrolled in an undergraduate
program anywhere in the world, with courses set to debut next fall
(along with a handful of new institutions). Semester Online’s
courses will feature the same faculty and curricula as their
brick-and-mortar counterparts.

… What’s so cool about 2U’s new
platform is that it’s not a MOOC. As
Inside Higher Ed’s Steve Kolowich wrote today, 2tor’s program
really represents the next phase of this evolution and is the first
real example of a collective of top higher ed institutions offering
the same courses and teachers that a student would find in the
physical classroom, yet in an online-only setting that actually
offers credited courses to students who aren’t enrolled at the
universities offering them.

That’s not to say there aren’t
alternatives. StraighterLine
offers a subscription-based (and relatively affordable) service
that allows students to take a variety of accredited, general ed
courses online, but it focuses on the first two years of college,
can’t offer you a diploma and hasn’t yet added course content
from the cream of the crop.

Thursday, November 15, 2012

“We are completely incompetent when
it comes to Computer Security and we always will be.” NOTE: I
searched http://www.mandiant.com/
for information on “the Hand” but found none. Must be new or top
secret or imaginary...

Gov. Nikki Haley says new layers of
security are being added in the wake of a massive security breach,
but she said at a news conference Wednesday that even
with what is now known, there is "no way to say it could have
been prevented."

The massive security breach at the
South Carolina Department of Revenue could earn the hackers as much as
$360 million by using just 1 percent of the affected taxpayers'
returns, the State newspaper is reporting. [Equally
fantastic... Bob]

… Investigators believe that a
hacker tricked someone at the Department of Revenue into opening
a file that gave the hacker access to the system. [the Password
file? Bob]

At the news conference, Haley said that
she has issued a second executive order that calls for cabinet
agencies to be monitored 24-7. The monitoring will require the
addition of four fulltime employees, with the cost of their salaries
split by five cabinet agencies.

She said another layer of security will
be provided by a piece of equipment called The Hand that is being
purchased from the computer forensics and security company Mandiant
at a cost of $160,300. She said the Hand will detect
any movement of large files and will shut any affected machines down
immediately and contact Department
State Information Technology.

… DSIT will also monitor traffic
patterns in real time to be sure no data is taken from the network.

This letter certainly comes with an
abundance of something, but it doesn't smell like caution.

Here’s another notification
letter submitted to the California Attorney General’s Office
that left me scratching my head. It’s from the law firm of
Sprechman & Associates, P.A. in Miami, a firm
that specializes in collections. My comments and questions are
inserted in italics:

Dear XXXXXX:

I am writing to
advise you that your personally identifiable information
(“Information”) may have been viewed by a former
employee of Sprechman & Associates without permission.
Specifically, the former employee may have viewed your name, address,
date of birth, driver’s license number, and/or social security
number.

“May have?” Why don’t you
know? Don’t you maintain logs?

Sprechman &
Associates learned of this incident in July 2012, but was unable to
notify you until now because notification at that time may have
interfered with a law enforcement investigation and the
best known contact information for potentially affected individuals
was not known until October 2012. [Why would that be? Bob]

How did you learn
of it? And when did the improper access
occur, if it occurred? How long was this problem going on for? Was
there any indication of misuse of anyone’s information? Did law
enforcement actually ask you not to disclose this sooner or did you
just make that decision on your own? If they asked you to delay
notification, when did they tell you that you could go ahead and
notify?

Although we cannot
be sure that your Information was in fact used in an inappropriate
manner, in an abundance of caution we are informing you that such
viewing of your information may have occurred.

What Information
May Have Been Viewed, When and By Whom?

One of our
employees may have performed unauthorized searches on you. This
information may have included your name, address, date of birth,
driver’s license number, and social security number. We are
advising you of this matter in an abundance of caution, but we stress
that we cannot be sure that your Information was in fact used in an
inappropriate manner. In fact, we cannot even be sure that your
Information was actually viewed, but we are providing this notice out
of an abundance of caution.

You can’t be sure it was viewed
and/or misused, but you can’t be sure it wasn’t viewed and/or
misused, right? So why aren’t you offering free credit protection
and restoration services?

How Have We
Responded to This Issue

Nonetheless, we
certainly understand that this may be cause for concern. Additional
information and support resources are available through the
non-profit Identity Theft Resource Center at www.idtheftcenter.org,
by calling (858) 693-7935, or via e-mail at itrc@idtheftcenter.org.

Other Steps You
Can Take:

[...]

So you haven’t actually done
anything to respond to this issue other than notify law enforcement
and send out this notification letter? How about hardening your
security and access to records? How about improving auditing so you
can tell who’s accessed what? How about offering affected
individuals some services?

If the law firm would like to provide
additional information, I’ll be happy to post it or update this
entry, but overall, I find their notification and response
inadequate. They do provide a phone number to call if recipients
have questions, but the letter isn’t even signed by an individual –
only by “Notice Department.”

The Israel Defense Forces didn’t just
kill Hamas military leader Ahmed al-Jabari on Wednesday as he was
driving his car down the street in Gaza. They killed him and then
instantly posted the strike to YouTube. Then they tweeted a warning
to all of Jabari’s comrades: “We recommend that no Hamas
operatives, whether low level or senior leaders, show their faces
above ground in the days ahead.”

The Jabari hit is part of the biggest
assault the IDF has launched in more than three years on Gaza, with
more
than 20 targets hit. And it’s being accompanied
by one of the most aggressive social media offensives ever launched
by any military. Several
days before Jabari’s elimination, the IDF began liveblogging
the rocket attacks on southern Israel coming from Gaza. Once
“Operation Pillar of Defense” began, the IDF put up a Facebook
page, a Flickr feed, and, of course, a stream of Twitter taunts —
all relying on the same white-on-red English-language graphics.
“Ahmed
Jabari: Eliminated,” reads a tweet from 2:21 p.m. Eastern time
on Wednesday.

(Related) What are the rules here? I
can see keeping HOW we will respond secret, but we should be
announcing (not leaking) that we WILL respond.

President Obama has signed a secret
directive that effectively enables the military to act more
aggressively to thwart cyber attacks on the nation’s web of
government and private computer networks.

Presidential Policy Directive 20
establishes a broad and strict set of standards to guide the
operations of federal agencies in confronting threats in cyberspace,
according to several U.S. officials who have seen the classified
document and are not authorized to speak on the record. The
president signed it in mid-October.

… An example of a defensive
cyber-operation that once would have been considered an offensive
act, for instance, might include stopping a computer attack by
severing the link between an overseas server and a targeted domestic
computer. [That's nonsense, unless the severing is
done with explosives on foreign soil. Bob]

“That was seen as something that was
aggressive,” said one defense official, “particularly by some at
the State Department” who often are wary of actions that might
infringe on other countries’ sovereignty and undermine U.S.
advocacy of Internet freedom. Intelligence agencies are wary of
operations that may inhibit intelligence collection. The Pentagon,
meanwhile, has defined cyberspace as another military domain —
joining air, land, sea and space — and wants flexibility to operate
in that realm.

… But repeated efforts by officials
to ensure that the Cyber Command has that flexibility have met with
resistance — sometimes from within the Pentagon itself — over
concerns that enabling the military to move too freely outside its
own networks could pose unacceptable risks. A major concern has
always been that an
action may have a harmful unintended consequence, such as shutting
down a hospital generator.

… Officials say they expect the
directive will spur more nuanced debate over how to respond to
cyber-incidents. That might include a cyberattack that wipes data
from tens of thousands of computers in a major industrial company,
disrupting business operations, but doesn’t blow up a plant or kill
people.

The new policy makes clear that the
government will turn first to law enforcement or traditional network
defense techniques before asking military cyberwarfare units for help
or pursuing other alternatives, senior administration officials said.

Looks like things are back to normal in
New Jersey for at least one group. I wonder what the “It fell
off-a da truck” price will be?

Apple’s iPad
mini seems to be a success, and that has attracted the criminal
element’s attention. According to the New
York Post, a shipment of Apple’s iPad mini, numbering 3,600
devices and with a total value of $1.5 million, was taken from JFK
airport from the same location that a group stole $5 million in cash
and $900,000 in jewelry in 1978. [Now we can film
“i-Goodfellas” the sequel Bob]

Trevor Timm of EFF has a great
commentary on the FBI investigation that mushroomed and mushroomed
and mushroomed. Here’s a snippet:

Congress is now
demanding to know why it wasn’t informed by the Justice
Department about the details of the Petraeus affair earlier.
Lawmakers should instead be worried about why the public was informed
of these details at all, given that no crime was committed. And
instead of investigating one man’s personal life, they should
investigate how to strengthen our privacy laws so this does not
happen to anyone else.

The U.S.
government has so far been unable to keep its colossal surveillance
state in check. Now that it is so bloated it is eating itself, one
hopes more people will finally pay attention.

Not only does Congress need to
investigate what happened, but the DOJ OIG needs to investigate this
and issue a report to the public promptly. Did the FBI act lawfully
at all times or did they misuse their tools and authority? How does
a complaint by someone about a few mean emails – which may be
protected speech and not criminal at all – result in an
investigation that looks into the communications between a ranking
general and others? If it’s not even clear any crime was
committed, should our government be able to snoop so extensively
without judicial oversight? If a court granted the FBI a warrant,
well, to be blunt, what the hell was the judge thinking or what was
the judge told to justify the privacy invasion?

Trevor emphasizes the fact that the
public never should have been told about this investigation at all.
It’s a fair point, but would we really rather not know that our
government can do these things to us?

Some of us have been saying for years
that ECPA needs to be updated and more privacy protections need to be
incorporated. Some of us have also been saying for years that
providers need to shorten their data retention periods. If you don’t
retain it, the FBI can’t get it from you. NOW will you
listen to us? How many more lives or careers will be ruined until
Congress and providers take steps to genuinely protect the privacy of
our electronic communications?

Reporting on their grasp of the
obvious? I remember a Great Aunt telling me about soldiers guarding
at each bridge along a minor spur railroad in central New Jersey.
Perhaps this would be a job stimulus if we let the TSA provide
similar security for pipelines and the power grid?

"The electric power delivery
system that carries electricity from large central generators to
customers could be severely damaged by a small number of
well-informed attackers. The system is inherently
vulnerable because transmission lines may span hundreds of
miles, and many key facilities are unguarded. This vulnerability is
exacerbated by the fact that the power grid, most of which was
originally designed to meet the needs of individual vertically
integrated utilities, is being used to move power between regions to
support the needs of competitive markets for power generation.
Primarily because of ambiguities introduced as a result of recent
restructuring of the industry and cost pressures from consumers and
regulators, investment to strengthen and upgrade the grid has lagged,
with the result that many parts of the bulk high-voltage system are
heavily stressed. Electric systems are not designed to withstand or
quickly recover from damage inflicted simultaneously on multiple
components. [New Jersey found that out recently...
Bob] Such an attack could be carried out by knowledgeable
attackers with little risk of detection or interdiction. Further
well-planned and coordinated attacks by terrorists could leave the
electric power system in a large region of the country at least
partially disabled for a very long time. Although there are many
examples of terrorist and military attacks on power systems elsewhere
in the world, at the time of this study international terrorists have
shown limited interest in attacking the U.S. power grid. However,
that should not be a basis for complacency. Because all parts of the
economy, as well as human health and welfare, depend on electricity,
the results could be devastating. Terrorism
and the Electric Power Delivery System focuses on measures that
could make the power delivery system less vulnerable to attacks,
restore power faster after an attack, and make critical services less
vulnerable while the delivery of conventional electric power has been
disrupted."

Anyone taking bets? I imagine each
discovery request would want “each and every contact” with
everyone involved. Should make for lots of jobs for my Data Mining
students...

"The Salt Lake Police
department will be much more transparent with their law enforcement.
A program is being rolled out to require officers wear glasses
equipped
with a camera to record what they see. Of course, there are
several officers opposed to this idea, who will resist the change.
One of the biggest shockers to me is that the police chief is in
strong support of this measure: 'If Chief Burbank gets his way, these
tiny, weightless cameras will soon be on every
police officer in the state.' With all the
opposition of police officers being recorded by citizens that we are
seeing throughout
the country,
it is quite a surprise that they would make a move like this. The
officers would wear them when they are investigating crime scenes,
serving warrants, and during patrols. Suddenly Utah isn't looking
like such a bad place to be. Now we just need to hope other states
and departments would follow suit. It sure will be nice when there
is video evidence to show the real story."

It's not only the Air Force that tries
to do everything in one “swell foop.” This is much too large a
project to control. What do they actually need that could be
developed in six months or less?

"The U.S. Air Force has decided
to scrap a major ERP (enterprise resource planning) software project
after
spending $1 billion, concluding that finishing it would cost far
too much more money for too little gain. Dubbed the Expeditionary
Combat Support System (ECSS), the project has racked up $1.03 billion
in costs since 2005, 'and has not yielded any significant military
capability,' an Air Force spokesman said in a statement. 'We
estimate it would require an additional $1.1B for about a quarter of
the original scope to continue and fielding would not be until 2020.
The Air Force has concluded the ECSS program is no longer a viable
option for meeting the FY17 Financial Improvement and Audit Readiness
(FIAR) statutory requirement. Therefore, we are canceling the
program and moving forward with other options in order to meet both
requirements.'"

… Numbers wise, in the third
quarter of this year, mobile phone owners sent an average of 678
texts per month, which is down from 696 texts a month in the previous
quarter. This isn’t a huge decline, but it’s the first ever
decline that has been recorded. And it’s not a big concern for
users, and it’s also not a big deal for carriers, since a bulk of
their revenue comes from data plans.

I use LightShot myself, but each App is
slightly different so you have to try them to see which “feel”
best...

ScreenSnag is a downloadable desktop
application that lets you easily take a photo of your computer
screen. You can capture an entire screen, region of the screen, a
window, or an element on the window with a single hotkey or a click.

It has a Timer option
to perform screen captures at your defined intervals. It
has many configuration settings depending on the situation. Save
different settings’ combinations into profiles for quicker access
later on.

To see all the available features of
the app, download it for free from their
website.

Learnist,
which I've described in the past as Pinterest
for learning, announced today that you no longer have to use
Facebook or Twitter to register and use their service. You can now
register for and use Learnist with an email account. The service is
still available only to people who request a beta invite, but it
seems that beta invites come quickly.

… Learnist provides another
professional learning community in which you collaborate on the
collation of resources that are beneficial to you and your students.

One of my smarter friends (Dr. Michelle
Post) just published a couple of eBooks. I expect she'll be writing
one a week soon.

Heaven Has Tea
Parties,
http://www.amazon.com/dp/B00A78LD2E,
is about the loss of my mother and God's healing in this loss. All
proceeds from the sale of the book will be donated to the American
Parkinson Disease Association in memory of my mother, Annie.

On October 31,
2012, a NASA laptop and official NASA documents issued to a
Headquarters employee were stolen from the employee’s locked
vehicle. The laptop contained records of sensitive personally
identifiable information (PII) for a large number of NASA employees,
contractors, and others. Although the laptop was password protected,
it did not have whole disk encryption software,
which means the information on the laptop could be accessible to
unauthorized individuals. We are thoroughly assessing and
investigating the incident, and taking every possible action to
mitigate the risk of harm or inconvenience to affected employees.

A Skype
security flaw could allow rogue users to seize control of your
account using nothing more than your email address, thanks to subpar
recovery policies that can be easily gamed. The exploit depends on
Skype’s policy of reminding new sign-ups of any existing usernames
they have previously registered, when they attempt to re-register
using the same email address. According to The
Next Web, with a minor amount of tinkering, it’s
possible to reset another user’s password and thus grab hold of
their account.

… Skype is apparently conducting an
“internal investigation” into the loophole, though for now
there’s no official comment on when it might be closed off. The
hack was first reported on a Russian forum roughly two months ago,
it’s said, with the person responsible for discovering the exploit
claiming to have told Skype about it with no apparent change in
recovery security.

So the 1.7 million voter database WAS
exposed, but it's no big deal. (Unless it exposes all the dead or
fictional voters?)

Chicago election
board officials confirmed Tuesday that sensitive personal information
for about 1,200 people was exposed online but denied allegations by a
computer security firm that the breach was much broader.

The firm,
Forensicon, announced it uncovered the problem while researching
voting patterns. It alleged that personal information of up to 1.7
million registered Chicago voters was exposed on the website of the
Chicago Board of Elections Commissioners.

An election board
spokesman accused the firm of overplaying the problem. James Allen
said the database of 1.7 million registered voters included no
personal information beyond what is already public record—name,
address and voter registration number. “Anyone can request that
information from us, and we have to produce it,” Allen said.
“There’s absolutely no sensitive information there.”

However, Allen
said due to a mistake by the election authority, another database was
inadvertently exposed online with names, addresses, drivers license
numbers and the last four digits of social security numbers for
around 1,200 people who had applied to work for the board in Chicago
polling places on Election Day.

"A chilling article by
Darkreading's Kelly Jackson Higgins describes how the growing
accessibility of hacking tools like RATs (Remote Access Trojans) has made
cyber-espionage possible for more than just those financially backed
by large nation-states, and speculates on what the implications
of this may be: 'Researchers at Norman Security today revealed that
they recently analyzed malware used in phishing emails targeting
Israeli and Palestinian targets and found that attackers used malware
based on the widely available Xtreme RAT crimeware kit. The attacks,
which first hit Palestinian targets, this year began going after
Israeli targets, including Israeli law enforcement agencies and
embassies around the world. Norman says the same attacker is behind
the attacks because the attacks use the same command-and-control
(C&C) infrastructure, as well as the same phony digital
certificates. This attack campaign just scratches the surface of the
breadth and spread of these types of attacks around the world as more
players have been turning to cyberspying. "We're
just seeing the tip of the iceberg," says Einar Oftedal, deputy
CTO at Norman.'"

As a privacy advocate, you might have
expected me to blog about the Broadwell-Petraeus-Kelley-Allen
scandal, with emphasis on the federal govt’s ability or legal
authority to snoop through the records of people who seemingly have
committed no crime.

So how did the FBI get authorization to
snoop? Well, it turns out that they really didn’t need much
authorization, and what they did need is all too easy to acquire.

Kade Ellis has a great write-up on
PrivacySOS
about how unfettered access endangers all of us. She’s
preaching to the privacy choir, though, as we already know that we
want a probable cause warrant standard for a lot of things where no
warrant is currently required.

Keep in mind that this whole sordid
affair only came out because someone in the FBI did a
friend a favor when there was no clear legal
justification for the FBI to get involved at all.

So whom do you know who has a friend in
the FBI who could start an investigation of you? Are you okay with
the FBI accessing your email accounts when you’ve done nothing
illegal?

Will Congress hear us now? Will
they start to worry about the privacy of their own accounts?
One can only hope, but frankly, I’m not particularly optimistic
that this scandal will lead to more protective legislation. I’d
love to be proven wrong.

You may not be
having an affair with a high-ranking American Intelligence Official,
but that doesn’t mean that Big Brother isn’t watching you
nonetheless. Or, at least, that might be the impression that you’re
left with upon discovering that Google has reported a
significant jump in the amount of government surveillance
of online activity in recent months, especially when compared with
just a few years ago.

The current U.S.
approach to privacy regulation fails to account for the effects of
information sharing created by the ascendance of technologies that
permit things such as Big Data or fusion centers, said Daniel Solove,
a noted privacy law researcher and a professor at George Washington
University. He spoke Nov. 9 during a symposium
on privacy and technology held by the Harvard Law Review.

The current model,
which Solove dubbed the “privacy self-management approach,” takes
refuge in the notion of consent, he said.

"As part
of Virginia's waiver to opt out of mandates set out in the No Child
Left Behind law, the state has created a controversial new set of
education goals that are higher for white and Asian kids than for
blacks, Latinos and students with disabilities. ... Here's what the
Virginia state board of education actually did. It looked at
students' test scores in reading and math and then proposed new
passing rates. In math it set an acceptable passing rate at 82
percent for Asian students, 68 percent for whites, 52 percent for
Latinos, 45 percent for blacks and 33 percent for kids with
disabilities."

… "After I ordered from Papa
John's, my telephone started beeping with text messages advertising
pizza specials," one of the plaintiffs in the case Erin Chutich
said in a statement.
"Papa John's never asked permission to send me text message
advertisements."

Apparently, in 2010, Papa John's hired
a mass text messaging service called OnTime4U to text ads to its
customers as a way to boost profits. According to the lawsuit (PDF),
which was certified by U.S. District Court Judge John C. Coughenour
on November 9 in Seattle, certain Papa John's franchisees gave
OnTime4U lists of customers' phone numbers without getting consent
from those individuals first.

If the judge decides that Papa John's
is guilty of willfully sending the spam messages, this
case could become one of the largest damages awards ever
given under the federal Telephone Consumer Protection Act, which
deems it illegal to send ads via text without an opt-in option. The
lawsuit claims that 500,000 unwanted messages
were sent to customers nationwide and that the pizza chain should pay
$500 for each text.

It's like “Double Secret Probation”
and AT&T is Dean Wormer! (Interesting comments, but no solution
– if they want to charge you extra they will and there is nothing
you can do about it.)

"As many of you know, AT&T
has implemented caps on DSL usage. When this was implemented, I
started getting emails letting me know my usage was likely to exceed
the cap. After consulting their Internet Usage web page, I felt the
numbers just weren't right. With the help of Tomato on my router, I
started measuring my usage, and ended up with numbers substantially
below what AT&T was reporting on a day-to-day basis. Typically
around 20-30% less. By the way, this usage is the sum of inbound and
outbound. At this point, I decided to contact AT&T support to
determine what exactly they were defining as usage, as their web
pages never really define it. Boy, did I get a surprise. After
several calls, they finally told me they
consider the methodology by which they calculate bandwidth usage to
be proprietary.
Yes, you read that right; it's a secret. They left me with the
option to contact their executive offices via snail mail. Email was
not an option. So, I bring my questions to you, all-knowing
Slashdotters: are there any laws that require
AT&T to divulge how they are calculating data usage?
Should I contact my state's commerce commission or the FCC to
attempt to get an answer to this?"

Everyone has their set of favorite
websites. No matter what your hobbies and interests are, I’m sure
you can think of at least five websites you love and visit often just
off the top of your head. But just like other habits, when we’re
set in our ways and our websites, we don’t always remember to look
elsewhere.

… Similar websites are a great way
to discover new websites, while making sure you stay on track and
find things you’re really interested in. It’s time to start a
new Web journey: use the tools listed below to expand your horizons
and find more of your favorites!

If you don't get it from reading the
textbook and the “How to” video is gibberish, and my lectures are
not adequate, there are still thousands of resources you can try
before giving up and actually asking a question...

… a few websites have set out to
provide decent education
in the format of online universities. However, what makes it great is
that these websites offer all of their material for free (well,
for the most part).

"Should Google be held liable
for images that appear in its search results? An Australian court
has said yes. 'A Melbourne man who won a defamation case against
search engine giant Google has been awarded
$200,000 in damages. Milorad Trkulja, also known as Michael,
sued the multinational over images of him alongside a well-known
underworld figure that appeared in its search results. A six-person
Supreme Court jury found last month that Mr Trkulja had been defamed
by the images, which he first contacted Google about removing in
2009.'"

Interesting, if only to prove that
lawyers are just like anyone else... (Shocking, I know)

Thinking
Like Your Client: Strategic Planning in Law Firms - A report from
ALM Legal Intelligence, October 2012. "LexisNexis has spent the
past few years highlighting the difference between the practice of
law and the business of law; and the lackluster economic conditions
over that same time span have only served to reinforce how important
those differences are. Without a doubt, law firms have a thorough
and detailed understanding of the practice part; that’s their
forte. It’s the business of law part where shortfalls occur.

Revenue is the top priority in
most strategic plans. Yet, almost half of the respondents are
remiss in building, tracking and measuring client loyalty and
satisfaction. Are firms overlooking the direct link between revenue
and satisfied customers?

Profitability is the second
strategic plan priority. But, fewer than half are actively focused
on a non-billable hour strategy, and more than half can’t yet tell
if AFAs are more profitable than hourly rates. AFAs and various
pricing models have been around for a few years; they are not going
away. Isn’t it time to honestly reexamine the elements that make
your firm profitable?

Talent acquisition/retention holds
the third top spot for strategic priorities, although laterals
dominate the discussions and, apparently, everyone’s plans. How
sustainable are growth models tied to an on-going “musical chairs”
game of lateral talent shifting from firm to firm? Is anyone focused
on a plan for organic growth?"

“Ye olde technology is ye beste
technology” I know a couple lawyers who won't use a computer until
it's easier to press the keys with their quill pens...

Via LLRX
- Litigation,
trial and pre-trial iPad apps for lawyers: One of the most
popular and rapidly growing categories of apps for lawyers are those
developed for litigation, during trials and during the pretrial
discovery phase. In this article, attorney, legal blogger and legal
tech expert Nicole Black
recommends more than a dozen affordable, flexible and innovative iPad
apps to assist attorneys in their work to develop, streamline,
simplify and track critical litigation processes.

Iraq
Veterans Launch RallyPoint: A LinkedIn For The Military (And Life
After)

… According
to The Bureau of Labor Statistics, while the unemployment rate
among U.S. veterans has dropped to 8.3 percent, it still sits above
the national average, and for younger vets, the rate is even higher.
Taking up the cause of their fellow service men and women looking for
a better way to find employment after life in the armed forces, two
Iraq War veterans, Yinon Weiss and Aaron Kletzing, have launched
RallyPoint
— an online professional network that aims to empower American
veterans to take greater control over their careers — both inside
and outside the service.

… So, the co-founders have
developed RallyPoint into a private online network accessible only by
those currently on active duty, which extends to those in the
National Guard, Active Reserves, ROTC or Service Academies. In
the near future, Weiss says, the team will be opening the network up
to former service members, retirees, Department of Defense employees,
and so on. But for now, it’s focused purely on those
currently serving in the armed forces.

RallyPoint is free for members and has
no formal relationship with the military and doesn’t share its data
with the military or chain of command, the co-founders said.

Many of us deeply value some of the
tools that exist out there which make our lives so much easier. One
of the best examples is Dropbox, the application which seamlessly
synchronizes our files across all of our devices.

… The only real downside to Dropbox
is the limited amount of storage space we can synchronize.

Bitcasa plans to change that. In
short, Bitcasa is a synchronization tool which gives infinite space
to whichever folders you’d like. Unlike Dropbox, Bitcasa’s main
focus is actually expanding your folder’s available storage space
to a virtually unlimited amount rather than synchronization. This is
achieved by simply connecting the folder to Bitcasa’s cloud, where
you aren’t limited to a quota.

However, the service does come with a
good amount of additional features, including synchronization, easy
sharing, encrypted storage, and access via their website.

While Android and iOS applications are
still in the works, Bitcasa is available for Windows, Mac OS X, and
Linux to allow true access from any computer.

Let the web do the work. A wide
variety of tools are dedicated to saving you time. From email to
social media to your own website, you could be wasting time doing
things free services could do for you, automatically. Getting these
services working takes a bit of knowledge, time and creativity, but
they almost always pay off.

Interested? Then it’s time to read
“Web Automation, Part 2”, by author Rahul
Saigal. This manual picks up where Web
Automation Part 1 left off. This time Rahul outlines ways to
automate collecting
citations, collecting reading material, your files
on the cloud and even your website.

About Me

I live in Centennial, Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local Universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.